Tufin Orchestration Suite R25-2 strengthens network, cloud, and SASE policy automation

Tufin announced Tufin Orchestration Suite (TOS) R25-2. The R25-2 release delivers expanded visibility, automation, and stronger security controls, enabling organizations to strengthen their security posture while simplifying operations across their hybrid environments.

Security and network teams are forced to manage multiple vendors from a variety of different consoles, a task that is increasingly inefficient and unsustainable. This complexity often creates siloed visibility, and the need to support separate tools and security policies, all which unintentionally leads to security policy drift. As a result, application rollouts are slowed, security gaps grow, and compliance issues increase.

Tufin addresses these challenges by providing a unified control plane that centralizes visibility, automates policy orchestration, and ensures continuous compliance across hybrid networks.

With the R25-2 release, Tufin builds on this foundation, strengthening its unified control plane with four major advancements: improved topology accuracy, enhanced cloud compliance and automation, streamlined SASE policy control, and refined AI-driven insights with TufinAI. Together, these innovations give customers end-to-end visibility and automation across on-premises, cloud, and edge environments – all from a single platform.

“It’s no secret that enterprise networks are more fragmented than ever before,” said Jeffrey Spear, Tufin CISO. “Organizations need a modern security platform that is engineered to handle this reality. With these updates to our unified control plane, Tufin does just that; helping teams to see more, automate more, and reduce more risk across their entire environment, no matter what that comprises.”

Improved topology accuracy

The R25-2 release enhances multi-vendor visibility and troubleshooting with expanded support for Palo Alto Networks and Cisco rule sets and traffic paths. New capabilities include visibility into Palo Alto EDLs, Cisco FMC AppID and URL categories, Cisco ACI Endpoint Security Groups (ESGs) and Policy-Based Routing (PBR) to help organizations resolve connectivity issues and misconfigurations.

By improving topology accuracy, Tufin gives security and network teams a view of how policies are applied across environments, helping them reduce security blind spots, avoid misconfigurations, and accelerate troubleshooting. The new topology enhancements let teams understand policy interactions across multiple vendors, so they can make faster, safer decisions.

Stronger cloud compliance and automation

As enterprises expand across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), their security teams face mounting pressure to maintain security policy consistency and compliance. R25-2 introduces significant improvements in cloud automation and risk detection to simplify operations and strengthen Zero Trust initiatives.

Key highlights include:

• End-to-end automation for Microsoft Azure Network Security Groups (NSGs) and any Open Policy Model (OPM) devices, streamlining provisioning and reducing manual work.
• Proactive violation detection for AWS and GCP environments, delivering continuous compliance and automated risk alerts.
• Organization-level cloud management with automatic onboarding of AWS and Microsoft Azure accounts, ensuring complete multi-cloud visibility and control.
• Optimization of overly permissive rules at scale for AWS Security Groups and Microsoft Azure NSGs, reducing the attack surface and improving compliance posture.

Streamlined SASE policy control

As SASE architectures become central to enterprise connectivity, managing security policies across distributed environments has become increasingly complex. R25-2 introduces automated change design and proactive risk analysis for Zscaler Internet Access (ZIA) environments, giving teams faster, more consistent workflows for SASE policy management.

In addition, Tufin’s Rule Optimizer now extends to Zscaler ZIA, enabling customers to automatically identify and remediate overly permissive rules, tightening access control while maintaining application continuity. These enhancements allow organizations to unify security policy management across traditional firewalls, cloud infrastructure, and SASE deployments.

AI-driven insights with TufinAI

R25-2 adds additional enhancements to TufinAI Assistant, Tufin’s AI-powered natural language search that removes technical barriers, accelerates access to policy insights, and boosts collaboration across teams.

Key highlights include:

• Simplified, natural-language search helps users instantly find the right rules based on specific criteria.
• AI-driven search delivers high-quality, relevant results in seconds, saving time and reducing errors.
• Anyone—regardless of technical expertise—can run searches, analyze policies, and make informed decisions independently.

TufinAI helps teams unlock the full value of Tufin’s unified control plane, enabling faster time-to-value and more confident decision-making across security and network operations teams.